Severity by source
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionGitHub Advisory
Summary
A flaw in Tauri's is_local_url() function causes it to incorrectly classify remote URLs as trusted local origins on Windows and Android. On these systems, Tauri maps custom URI scheme protocols to http://<scheme>.localhost/ because those platforms' WebView implementations cannot serve custom URI schemes directly.
The issue is that Tauri's check to see if the origin is local, only checks the first subdomain of the URL. An attacker can abuse this by hosting a page on a domain whose subdomain matches the custom scheme of the application (e.g. http://app.attacker.com/)."
Example:
- Local URL:
app://localhost/→ on Android/Windows:http://app.localhost/ - The check passes for any URL starting with
http://app., includinghttp://app.evil.com/
As a result, the attacker page can invoke backend commands that the developer intended to be accessible only to the app's own frontend and that are explicitly restricted from being called by external or remote origins.
Details
Vulnerable function:
#[cfg(any(windows, target_os = "android"))]
let local = {
let protocol_url = self.manager().tauri_protocol_url(uses_https);
let maybe_protocol = current_url
.domain()
.and_then(|d| d.split_once('.')) // BUG: only splits on first dot
.unwrap_or_default()
.0;
protocols.contains_key(maybe_protocol) && scheme == protocol_url.scheme()
};Link: https://github.com/tauri-apps/tauri/blob/1ef6a119b1571d1da0acc08bdb7fd5521a4c6d52/crates/tauri/src/webview/mod.rs#L1680
split_once('.') discards everything after the first .. For http://app.evil.com/, the extracted label is app. If the application has registered a protocol named app, protocols.contains_key("app") returns true and the URL is classified as Origin::Local. The correct check must assert the full domain is exactly <protocol>.localhost.
PoC
We created a proof of concept app that can be found here. The app registers a custom app:// protocol and exposes a ping command restricted to local origins only. It provides a button to open a URL in a WebView, pre-filled with https://app.robbe-bc9.workers.dev/, an attacker-controlled page that invokes ping on load. Because the domain's first label matches the registered app protocol, is_local_url() classifies it as a local origin and the command succeeds.
capabilities/main.json contains the following code, which only exposes ping locally:
{
"$schema": "../../../crates/tauri-schema-generator/schemas/capability.schema.json",
"identifier": "main",
"local": true,
"windows": ["*"],
"permissions": [
"sample:allow-ping"
]
}src/lib.rs contains the following code, to register a custom scheme:
tauri::Builder::default()
.register_uri_scheme_protocol("app", |_ctx, _request| { ... })Impact
The attacker page can invoke backend commands that the developer intended to be accessible only to the app's own frontend and that are explicitly restricted from being called by external or remote origins.
AnalysisAI
Origin confusion in Tauri's is_local_url() function on Windows and Android allows remote attackers to invoke local-only IPC commands by hosting content on a domain whose first subdomain matches the application's custom URI scheme. An attacker can register a domain like http://app.evil.com/ to bypass origin validation when the target application uses an app:// custom protocol, gaining unauthorized access to backend functionality intended only for the application's own frontend. A public proof-of-concept demonstrates successful command invocation through this bypass.
Technical ContextAI
Tauri is a cross-platform application framework that allows developers to build desktop and mobile applications using web technologies. On Windows and Android platforms, WebView implementations cannot natively serve custom URI schemes (such as app://), so Tauri implements a workaround by mapping custom protocols to http://<scheme>.localhost/ URLs. The vulnerability exists in the is_local_url() validation function within the WebView module, which uses Rust's split_once('.') method to extract only the first domain label (subdomain) and check if it matches a registered custom protocol. The flaw occurs at https://github.com/tauri-apps/tauri/blob/1ef6a119b1571d1da0acc08bdb7fd5521a4c6d52/crates/tauri/src/webview/mod.rs#L1680, where the code fails to verify that the complete domain is exactly <protocol>.localhost, instead accepting any domain beginning with <protocol>. This is a subdomain matching bypass exploiting improper origin validation logic, classified as CWE-918 (Server-Side Request Forgery), which encompasses origin/trust boundary confusion attacks.
RemediationAI
Upgrade Tauri to version 2.11.1 or later immediately. The fix modifies is_local_url() to verify the complete domain is exactly <protocol>.localhost instead of accepting any domain beginning with <protocol>. Developers using Tauri 2.0.0 through 2.11.0 must rebuild and redeploy their applications with the patched version; there is no runtime workaround or configuration setting that mitigates the vulnerability without upgrading. For developers unable to upgrade immediately, the only compensating control is to restrict WebView navigation to trusted, controlled URLs and avoid loading arbitrary user-provided or external URLs in WebViews-however, this is not a reliable fix and may conflict with legitimate application requirements. The advisory at https://github.com/tauri-apps/tauri/security/advisories/GHSA-7gmj-67g7-phm9 contains detailed upgrade instructions and version compatibility information.
Same weakness CWE-918 – Server-Side Request Forgery (SSRF)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-32527
GHSA-7gmj-67g7-phm9